Manage users, groups, and privileges

Manage users, groups, and privileges

Overview

Explains what the feature is or what its benefits are to the user or customer.

Feature

Before people can log in and use ThoughtSpot, you need to create a username, a password, and a membership in one or more groups for them. Creating groups and assigning users to them makes privilege management easier.

Ways of managing users and groups

This section describes manual creation of users, groups, and privileges, but you can also manage users through LDAP or SAML. For information on setting up SAML authentication, see the ThoughtSpot Application Integration Guide.

The "All" group

There is a default group called All, which includes every user in ThoughtSpot. When you create a new user, they will be added to the All group automatically. You cannot delete the All group or remove members from it.

Privileges

Privileges determine what kinds of actions users are allowed to do. Plan your groups so that you can use them to assign a common set of privileges to multiple users. Privileges are set at the group level. For more information on the privileges you can assign and how to assign them, see About privileges.

Nested groups (groups within groups)

You can also have a hierarchy of groups. That is, groups can belong to (i.e. be children of) other groups. When using group hierarchies, permissions are inherited from the parent group. So if you're a member of a sub-group, you would automatically have the privileges of the parent group.

About privileges
You can assign privileges at the group level. Then you create users and assign them to groups. This is how you grant users access to different capabilities in ThoughtSpot.

Add a group and set security privileges
Before adding users, create the groups they will belong to. Each group includes a set of privileges for its users. Good planning when creating groups and assigning privileges will pay off in ease of administration and a better search experience.

Edit or delete a group
After adding a group, you can always go in and change its settings to add or revoke privileges. The new settings will apply to all the group members.

Add a user
You will create a user account for each unique person who will access ThoughtSpot, either manually or through LDAP. This procedure shows how to creating a user manually.